The Trend Micro blog reported today that three exploits have been
released and outlined the following illustrated scenario for QuickTime
exploitation:

"The attacker executes the exploit on his/her own computer, listening on
port 554 (port 554 - default port for RTSP protocol). The attacker's
machine then tries to wait for RTSP request from its victim. The
attacker creates a Web site with the malicious RTSP link embedded
(redirected to the exploit) or pops a message with the exact media link
location of the exploit to the victim's Messenger. The victim is then
enticed to visit the malicious link or view the media opens the link
using QuickTime Player. The exploit listening on port 554 is triggered
to send a response with a malformed RTSP header."

Trend Micro states that attackers could also use web sites with embedded
script/objects that direct RTSP connections to a malicious remote
server.
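
Both delivery paths in the scenario, a link the victim clicks and an embedded object, put an `rtsp://` URL into markup that a mail gateway or web proxy can inspect before QuickTime ever connects. The following is an added example, not code from Trend Micro or from the original post: a static check that lists every RTSP reference in a page whose host is not on an allowlist. The allowlist, the host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RTSP_DEFAULT_PORT = 554  # default RTSP port named in the quoted scenario
# Assumption: the only host this site legitimately streams from (hypothetical).
ALLOWED_RTSP_HOSTS = {"media.intranet.example"}

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """
<html><body>
<a href="rtsp://203.0.113.7/clip.mov">Watch the trailer</a>
<embed src="RTSP://stream.example.net:8554/live">
<object data="rtsp://media.intranet.example/townhall.mov"></object>
<a href="https://www.example.org/">unrelated link</a>
</body></html>
"""


class RtspRefFinder(HTMLParser):
    """Collect every attribute value, on any tag, that is an rtsp:// URL."""

    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and value.strip().lower().startswith("rtsp://"):
                self.refs.append((tag, name, value.strip()))


def find_untrusted_rtsp(html, allowed=ALLOWED_RTSP_HOSTS):
    """Return RTSP references whose host is not in the allowlist."""
    finder = RtspRefFinder()
    finder.feed(html)
    findings = []
    for tag, attr, url in finder.refs:
        parts = urlsplit(url)
        host = parts.hostname or ""      # urlsplit lowercases the host
        try:
            port = parts.port or RTSP_DEFAULT_PORT
        except ValueError:               # non-numeric or out-of-range port
            port = None
        if host not in allowed:
            findings.append({"tag": tag, "attr": attr, "host": host, "port": port})
    return findings


if __name__ == "__main__":
    for finding in find_untrusted_rtsp(SAMPLE_PAGE):
        print(finding)
```

A static scan sees only URLs present in the markup; references assembled by script at run time have to be caught where the outbound RTSP connection itself is visible.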